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Game is ever changing... 
Are you? 
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General 
Data 
Protection 
Regulation 


Cyber Security 


What happens every second 


7,826 Tweets sent in 1 second 
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This will be our digital 
universe tomorrow ... 
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Cyber Security is a tough job 


1 Million EPS (Events 


per second) 


e > 3.6 billion 
events/hour 

e > 84 billion 
events/day 


Time to scroll through 


1M events: 1.4 hours 


Regulations 


Privacy Landscape- the larger picture 


EU 95/96 Directive 
European Union General Data 


Protection Regulations 
released in 2016 
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Regulation & enforcement view 
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Robust 


Philippines 
Data Privacy Act of 
2012 8 
implementing 
regulatory rules 


Moderate 


Limited 


Sectoral 


NEW ZEALAND 
Privacy Act 1993 


<b Irrespective of the various jurisdictions and the sectors, all privacy regulations are based on the Generally Accepted Privacy 
Principles 


GDPR 


E 
Up to €10 million, or 2% annual global turnover — whichever is higher; or 
EU Data Subjects Up to €20 million, or 4% annual global turnover — whichever is higher. 
Vs Penalties 
CCPA 
D D D a 
California Residents Up to $2,500 per violation or 
$7,500 per intentional violation, but notably does not place a cap on the total amount of 
fines 
All organizations 
Vs e 
: SS GDPR — CCPA 
For Profit Legal Entities 
Right of Access 
- All data concerning a data subject 
All Personal Data 
m - Only applies to data collected from the consumer 
Vs Right to Deletion 
- All data concerning a data subject 
Particular Categories | 
- Only applies to data collected from the consumer 
E Right to Opt-out of Personal Information Sales 
No such provision - The GDPR does not include a specific right to opt-out of personal data 
sales. However, the GDPR does contain other rights a data subject may 
Vs use to obtain a similar result in certain circumstances. 


- Allows people to opt-out of a business ability to collect or sell their 
Disclose Data Sales personal data. 


India Personal Data Protection Bill (PDPB) - Definitions 


Personal data 


means data about or 
relating to a natural person 
who is directly or indirectly 
identifiable, having regard to 
any characteristic, trait, 
attribute or any other feature 
of the identity of such 
natural person, or any 
combination of such 
features, or any combination 
of such features with any 
other information 


Data Principal 
(Data Subject) 


means the natural person to 
whom the personal data 
referred relates 


Data Fiduciary 
(Data Controller) 


means any person, 
including the State, a 
company, any juristic entity 
or any individual who alone 
or in conjunction with others 
determines the purpose and 
means of processing of 
personal data; 


Data Processor 


means any person, 
including the State, a 
company, any juristic entity 
or any individual who 
processes personal data on 
behalf of a data fiduciary, 
but does not include an 
employee ofthe data 
fiduciary 


Significant Data 
Fiduciary 


Organizations which under 

the following categories: 
High volume of data 
processing 
Processing of SPI 
High turnover 
Use of new 
technologies for PI 
processing 
Processing involving 
risk of harm to data 
principals 
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India Personal Data Protection Bill (PDPB) 


Personal Data Protection Bill (PDPB) 


Parameters to identify an 
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The aim of the PDPB is to reinforce data protection rights of individuals, facilitate the free flow of organization as a 
personal data in the digital single market and reduce administrative burden. ta 


fiduciary 


3 to 5 years of 
imprisonment or 


 Individuz 
2% to 4% of © iabil | onetary fine or 
worldwide turnover \ | ol 
or INR 5to 15 Penalties IL 
Crores whicheveris P | CS , 
greater | 2 p=. 5 2 


It applies to all data fiduciaries and processors established in India, as well as those 
established outside India that target Indian citizens. 


Where could one go 
WRONG? 


nly looking at Compliance through 
the lens 

of Regulation 

and not Reputation 


— Cyber Security in the Board room 


Defending our Cyber space is top to-do: 


Over 53000 cyber security incidents observed in 2017 (Like Phishing, website intrusions and 
defacements, virus and ransomware attacks) 


Al powered attacks (Chatbots, Al password attacks) 


Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021, up 
from $3 trillion in 2015. 


By 2022, cybersecurity ratings will become as important as credit ratings when assessing the risk of 
business relationship 
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Cyber Security 
Framework 


Industry Best 
Practices 


